Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS20050164699 A1
Publication typeApplication
Application numberUS 10/508,620
PCT numberPCT/EP2002/012276
Publication dateJul 28, 2005
Filing dateNov 1, 2002
Priority dateMar 22, 2002
Also published asEP1488570A1, EP1488570B1, WO2003081841A1
Publication number10508620, 508620, PCT/2002/12276, PCT/EP/2/012276, PCT/EP/2/12276, PCT/EP/2002/012276, PCT/EP/2002/12276, PCT/EP2/012276, PCT/EP2/12276, PCT/EP2002/012276, PCT/EP2002/12276, PCT/EP2002012276, PCT/EP200212276, PCT/EP2012276, PCT/EP212276, US 2005/0164699 A1, US 2005/164699 A1, US 20050164699 A1, US 20050164699A1, US 2005164699 A1, US 2005164699A1, US-A1-20050164699, US-A1-2005164699, US2005/0164699A1, US2005/164699A1, US20050164699 A1, US20050164699A1, US2005164699 A1, US2005164699A1
InventorsChristopher Temple, Mathias Rausch
Original AssigneeChristopher Temple, Mathias Rausch
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Remote switching a communication device in a communication network
US 20050164699 A1
Abstract
A communication network (300, 400), and (D1-D3, D11-D13, 500) for use therein, comprising a plurality of nodes (N1-N4, N11-N13), a communication medium for communicating between the plurality of nodes; and communication diode arrangement(s) (D1-D3, D11-D13, 500) for controlledly enabling/disabling access of the node(s) to the communication medium by control external to the node(s). The communication diode arrangement(s) can enforce fail-silence in the time domain within a distributed computer system, showing resilience against spatial proximity faults. The communication diode arrangement(s) may be controllable not only by time but also by commands embedded in frames. This allows isolation of a faulty processing node and/or subnets within an embedded distributed real-time communication system, such as for automotive by-wire applications (FlexRay, TTP), under consideration of spatial proximity faults.
Images(4)
Previous page
Next page
Claims(17)
1. A communication network comprising:
a plurality of nodes;
a communication medium for communicating between the plurality of nodes; and
communication diode means for controlledly enabling/disabling access of at least one of the plurality of nodes to the communication medium by control means external to the at least one of the plurality of nodes,
such that isolation of a faulty node and/or subnets within the communication network can be achieved.
2. The communication network of claim 1, wherein the communication diode means comprises:
channel interface means for interfacing between the diode means and a communication channel; and
switch means for enabling/disabling signals on the channel.
3. The communication network of claim 2, wherein the switch means comprises:
first direction switch means for enabling/disabling signals in a first direction on the channel; and
second direction switch means for enabling/disabling signals in a second direction on the channel opposite the first direction.
4. The communication network of claim 1, wherein the communication diode means is arranged to be controlled by time-based control signals from an external control network.
5. The communication network of claim 1, wherein the communication diode means is arranged to be controlled by frame-based control signals from an external control network.
6. The communication network of claim 1, wherein the network comprises a distributed computer system.
7. The communication network of any claim 1, wherein the network is arranged for real-time communication.
8. The communication network of claim 1, wherein the network is arranged for use in an automotive application.
9. An arrangement for use in a communication network having a plurality of nodes, and a communication medium for communicating between the plurality of nodes, the arrangement comprising communication diode means for controlledly enabling/disabling access of at least one of the plurality of nodes to the communication medium by control means external to the at least one of the plurality of nodes such that isolation of a faulty node and/or subnets within the communication network can be achieved.
10. The arrangement of claim 9, wherein the communication diode means comprises:
channel interface means for interfacing between the diode means and a communication channel; and
switch means for enabling/disabling signals on the channel.
11. The arrangement of claim 10, wherein the switch means comprises:
first direction switch means for enabling/disabling signals in a first direction on the channel; and
second direction switch means for enabling/disabling signals in a second direction on the channel opposite the first direction.
12. The arrangement of claim 9, wherein the communication diode means is arranged to be controlled by time-based control signals from an external control network.
13. The arrangement of claim 9, wherein the communication diode means is arranged to be controlled by frame-based control signals from an external control network.
14. The arrangement of claims 9, wherein the network comprises a distributed computer system.
15. The arrangement of any one of claim 9, wherein the network is arranged for real-time communication.
16. The arrangement of claim 9, wherein the network is arranged for use in an automotive application.
17. An integrated circuit comprising the arrangement of claim 9.
Description
    FIELD OF THE INVENTION
  • [0001]
    This invention relates to communication networks and particularly, though not exclusively, to embedded, fault-tolerant, dependable, distributed computer systems.
  • BACKGROUND OF THE INVENTION
  • [0002]
    In a distributed physical real-time system based on shared communication media, such as a broadcast bus or star topology, it is important to prevent a single faulty node from monopolizing the communication media. Since it cannot be assumed that a faulty node obeys the system's media arbitration policy, but that it will rather send messages at arbitrary points in time, it is necessary to protect the communication media against such uncontrolled node failures.
  • [0003]
    Two approaches are known for protecting shared communication media against uncontrolled node failures. Both approaches assume a regular, temporal deterministic media access scheme:
      • A first approach proposes integrating a device, called bus guardian, with each node that controls the node's access to the communication media. The bus guardian is provided with apriori information about the transmission scheme of its associated node and enforces that access to the communication media is only given in accordance with the transmission scheme.
      • A second approach is based on a star topology. It proposes integrating a distribution unit within the star coupler granting access of the respective nodes to the star according to a cyclical time slice method. Again the distribution unit, which is provided apriori before run-time with the transmission scheme of the connected nodes, imposes that at a given instant only one node is capable of transmitting to the remaining nodes according to the transmission scheme.
  • [0006]
    From U.S. Pat. No. 4,015,246, titled “Synchronous Fault Tolerant Multi-Processor System”, there is known a bus guardian for a non-distributed fully synchronous multi-processing system based on very specific architectural assumptions (mininmum 3 buses, 6 processors).
  • [0007]
    From U.S. Pat. No. 4,860,280, titled “Apparatus and Method for a sSecure and Diagnosable Antijabber Communication Circuit”, it is known that in order to prevent ‘jabber’ (the uncontrolled transmission of messages on a communication channel) an anitjabber timing unit is frequently used to determine whether a message on the communication channel exceeds the maximum predetermined length of time.
  • [0008]
    From the publication of the Institut für Technische Informatik, Technische Universitat Wien, titled “Avoiding the Babbling-Idiot Failure in a Time-Triggered Communication System”, it is known to use a bus guardian added to each node to protect a communication bus from babbling-idiot failure by exploiting the regular transmission poattern of a time-triggered system in order to enforce fail-silent behaviour of the node in the time domain.
  • [0009]
    From patent publication WO 0113230 A1, 2001, titled “Method for Imposing the Fail-Silent Characteristic in a Distributed Computer System and Distribution Unit in such a System”, it is known to use a server-interconnecting distribution unit which knows apriori the servers' regular transmission pattern and imposes that a server is only able to transmit to remaining servers within a statically allocated time slice. From U.S. Pat. No. 5,355,375, titled “Hub Controller for Providing Deterministic Access to CSMA Local Area Network”, it is known to alter a basic non-deterministic contention algorithm of the CSMA/CD protocol LAN within a hub controller to inhibit any CSMA/CD transmissions by a port, allowing the hub controller to control which of the multiple ports will be allowed to contend for access to a common internal bus within the hub controller and for how long.
  • [0010]
    It will be understood that these known techniques fall into one of the two approaches summarized above.
  • [0011]
    However, both approaches suffer from drawbacks:
      • The first approach suffers as it relies on functional independence between the node and its associated bus guardian in the event of a fault, since perceivable faults may cause not only the node but also its associated bus guardian to fail in an uncontrolled way. Due to the physical proximity of the two units this independency cannot always be convincingly ensured.
      • The second approach suffers from use of a star coupler. In many environments it is not feasible to run a communication channel from every node to the star coupler for economical reasons. In addition, the star coupler represents a single point of failure in the system that has a higher probability of failure compared to a passive component such as a bus as it contains a significant number of active components, such as, for example, a microcontroller.
  • [0014]
    A need therefore exists for a communication network and arrangement for use therein wherein the abovementioned disadvantage(s) may be alleviated.
  • STATEMENT OF INVENTION
  • [0015]
    In accordance with a first aspect of the present invention there is provided a communication network as claimed in claim 1.
  • [0016]
    In accordance with a second aspect of the present invention there is provided an arrangement for use in a communication network as claimed in claim 9.
  • [0017]
    In brief, the invention proposes introducing an arrangement or component into a network, such as a distributed system, the component operating as a “communication diode”. This component is placed at strategic positions within the communication network, where it serves as a firewall for uncontrolled node failures. This allows the enforcement of fail-silence in the time domain within a distributed computer systems showing resilience against spatial proximity faults.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • [0018]
    One communication network and arrangement for use therein incorporating the present invention will now be described, by way of example only, with reference to the accompanying drawing(s), in which:
  • [0019]
    FIG. 1 shows a schematic block-diagram illustrating a known guard device located within and controlled by a processing node in a prior art communication network;
  • [0020]
    FIG. 2 shows a schematic block-diagram illustrating a known guard device located within and controlled by a central distribution unit in a prior art communication network;
  • [0021]
    FIG. 3 shows a schematic block-diagram illustrating the structure of a novel communication diode for use in a communication network incorporating the invention; and
  • [0022]
    FIG. 4 shows a schematic block-diagram illustrating a communication network containing four nodes and three communication diodes, as shown in FIG. 3, incorporating the invention; and
  • [0023]
    FIG. 5 shows a schematic block-diagram illustrating a communication network containing three nodes and three communication diodes, as shown in FIG. 3, incorporating the invention.
  • DESCRIPTION OF PREFERRED EMBODIMENT
  • [0024]
    In brief, the invention in one aspect introduces an arrangement or component into a distributed system that operates as a “communication diode”. This component is placed at one or more strategic positions within the communication network, where it serves as a firewall for uncontrolled node failures.
  • [0025]
    FIG. 1 shows a first, known prior art approach in which each node 100 includes a device 110, typically termed a bus guardian, that controls the node's access to the communication media. The bus guardian 110 contains input and output amplifiers 120 and 130; the bus guardian 110 also contains a switch 140, controlled by the processing node, which enables or disables the node for outputting signals to a channel interface (and thereby onto the communication media). The bus guardian 110 is provided with apriori information about the transmission scheme of its associated node and enforces that access to the communication media is only given in accordance with the transmission scheme.
  • [0026]
    It will be appreciated that the approach illustrated in FIG. 1 suffers as it relies on functional independence between the node and its associated bus guardian in the event of a fault, since perceivable faults may cause not only the node but also its associated bus guardian to fail in an uncontrolled way, and due to the physical proximity of the two units this independency cannot always be convincingly ensured.
  • [0027]
    FIG. 2 shows a second known, prior art approach which is based on a star topology. A star coupler 200 has integrated within it a distribution unit 210 which grants access of the respective nodes 1-n (of which only three, node 220, node 230 and node 240 are shown) to the star coupler 200 according to a cyclical time slice method. Similarly to the approach of FIG. 1 discussed above, the distribution unit 210 is provided apriori before run-time with the transmission scheme of the connected nodes, and imposes that at a given instant only one node is capable of transmitting to the remaining nodes according to the transmission scheme.
  • [0028]
    It will be appreciated that the approach illustrated in FIG. 2 suffers from use of a star coupler. In many environments it is not feasible to run a communication channel from every node to the star coupler for economical reasons. In addition, the star coupler represents a single point of failure in the system that has a higher probability of failure compared to a passive component such as a bus since it contains a significant number of active components, such as, for example, a microcontroller.
  • [0029]
    Referring now to FIG. 3, a network 300 incorporating the present invention contains four nodes N1-N4 and three components D1-D3, termed ‘communication diodes’, which will be explained in more detail below. The communication diode D1 is connected between the node N1 and the communication medium; the communication diode D2 is connected between the node N1 and the communication medium; and the communication diode D3 is connected between the node N3 & N4 and the communication medium. As will be explained in greater detail below, the communication diodes D1-D3 are controlled to enable/disable their respective nodes from accessing the communication medium.
  • [0030]
    A key virtue of the invention is its versatility: the communication diode can be deployed in a multitude of ways—it can not only be used to protect a shared communication media like a bus or a star from a node (illustrated in FIG. 3 with D1 and D2) but it can also protect subnets from subnets (illustrated with D3). It is also possible to use the communication diode to physically move the node from the bus connection as shown for node N1 and node N2. In addition it is possible to operate the diodes in a unidirectional or bi-directional way.
  • [0031]
    FIG. 4 shows a communication network 400 where a separate disjoint control network 410 interconnects three nodes N11-N13, which are coupled to communication medium 420 by respective communication diodes D11-D13.
  • [0032]
    FIG. 5 illustrates the structure of a communication diode, which may be used as the communication diodes D1-D3 and D11-D13. The communication diode 500 has two communication channel interfaces 510 & 520 (having interface amplifiers 530, 540, 550 & 560), switches 570 & 580 and control logic 590. The control logic 590 contains the rule base used to control the switches. The rules may range from a pure time-access pattern to more sophisticated rules that consider and/or are controlled by packets that are picked up by the communication diode at an interface 595. Optional connections (dashed lines) indicate that it is also possible to have the communication diode communicate with other devices, for example, for maintenance purposes. The optional interface from the control logic can be used, for example, to connect the communication diode to a separate control network (not shown).
  • [0033]
    It will be understood that the networks 300 and 400 provide a dependable communication in the event of node error/failure by enforcing fail-silence of the node in the time domain. It will be understood that these networks provide isolation of a faulty processing node and/or subnets within an embedded distributed real-time communication system such as, for example, in automotive by-wire applications (‘FlexRay’, ‘Time-Triggered Protocol’-TTP) under consideration of spatial proximity faults.
  • [0034]
    In summary, it will be appreciated that the networks 300 and 400 provide:
      • spatial separation between processing node and guards
      • they may be placed within the network line (allowing eavesdropping)
      • they require no control signals from processing nodes (since they are controlled by a separate control network among guards)
      • they may be controlled not only by time but also by commands embedded in frames.
  • [0039]
    It will further be understood that the communication diode 500 may conveniently be fabricated in integrated circuit form (not shown), and may be inserted as desired at one or more points in a network to provide the advantageous functionality described above.
Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US4015246 *Apr 14, 1975Mar 29, 1977The Charles Stark Draper Laboratory, Inc.Synchronous fault tolerant multi-processor system
US4860280 *Nov 17, 1987Aug 22, 1989Honeywell Inc.Apparatus and method for a secure and diagnosable antijabber communication circuit
US4903016 *Jul 5, 1988Feb 20, 1990Ricoh Company, Ltd.Communication control unit
US5355375 *Mar 18, 1993Oct 11, 1994Network Systems CorporationHub controller for providing deterministic access to CSMA local area network
US5712847 *Dec 14, 1995Jan 27, 1998Fujitsu LimitedLine switching system for duplexed fiber interface shelf between different modes
US5802043 *Nov 21, 1996Sep 1, 1998Northern Telecom LimitedTransport architecture and network elements
US5809220 *Jul 20, 1995Sep 15, 1998Raytheon CompanyFault tolerant distributed control system
US5887176 *Jun 28, 1996Mar 23, 1999Randtec, Inc.Method and system for remote monitoring and tracking of inventory
US5974027 *Feb 10, 1995Oct 26, 1999Gpt LimitedTelecommunications network including a channel switching protection arrangement
US6147967 *May 9, 1997Nov 14, 2000I/O Control CorporationFault isolation and recovery in a distributed control network
US6263388 *Nov 30, 1998Jul 17, 2001International Business Machines CorporationData processing system and method for remotely disabling network activity in a client computer system
US6434288 *Aug 30, 1999Aug 13, 2002Kdd CorporationOptical switching system
US6442694 *Feb 27, 1998Aug 27, 2002Massachusetts Institute Of TechnologyFault isolation for communication networks for isolating the source of faults comprising attacks, failures, and other network propagating errors
US6718141 *Dec 23, 1999Apr 6, 2004Nortel Networks LimitedNetwork autodiscovery in an all-optical network
US6754185 *Sep 27, 1999Jun 22, 2004Koninklijke Philips Electronics N.V.Multi link layer to single physical layer interface in a node of a data communication system
US6870814 *Oct 12, 1999Mar 22, 2005Hewlett-Packard Development Company, L.P.Link extenders with error propagation and reporting
US6879558 *Oct 11, 2000Apr 12, 2005Fujitsu LimitedSwitching method for bidirectional line switched ring and node apparatus used in the ring
US6914878 *Oct 16, 2000Jul 5, 2005Telefonaktiebolaget Lm Ericsson (Publ)Fault detection in multi-plane switch
US7113698 *Nov 6, 2001Sep 26, 2006Ciena CorporationFault detection and isolation in an optical network
US7230926 *May 1, 2002Jun 12, 2007Intel CorporationIsolation technique for networks
US20020063929 *Jul 21, 1998May 30, 2002David R. HuberOptical communication system
US20020144190 *Oct 3, 2001Oct 3, 2002Corrigent Systems Ltd.Selective protection for ring topologies
US20020196490 *Jun 25, 2002Dec 26, 2002Corvis CorporationOptical transmission systems, devices, and methods
US20030021226 *Jul 24, 2001Jan 30, 2003Gal MorInterconnect and gateway protection in bidirectional ring networks
US20040208578 *Oct 1, 2002Oct 21, 2004Susumu KinoshitaOptical ring network with hub node and method
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US7818613 *Aug 3, 2004Oct 19, 2010Freescale Semiconductor, Inc.Arrangement and method for connecting a processing node in a distribution system
US8151337Jun 30, 2006Apr 3, 2012Microsoft CorporationApplying firewalls to virtualized environments
US8321613 *Mar 22, 2008Nov 27, 2012Phoenix Contact Gmbh & Co. KgMethod and system for secure transmission of process data to be transmitted cyclically via a transmission channel between a master and a slave
US20060274790 *Aug 3, 2004Dec 7, 2006Christopher TempleArrangement and method for connecting a processing node in a distribution system
US20080022385 *Jun 30, 2006Jan 24, 2008Microsoft CorporationApplying firewalls to virtualized environments
US20100131686 *Mar 22, 2008May 27, 2010Phoenix Contact Gmbh & Co. KgMethod and System for Secure Transmission of Process Data to be Transmitted Cyclically
Classifications
U.S. Classification455/424
International ClassificationH04L12/40, H04L12/12
Cooperative ClassificationH04L12/40026, H04L2012/40241, H04L12/40169, H04L2012/40273, Y02B60/34, H04L12/12
European ClassificationH04L12/12, H04L12/40R
Legal Events
DateCodeEventDescription
Mar 30, 2005ASAssignment
Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TEMPLE, CHRISTOPHER;RAUSCH, MATHIAS;REEL/FRAME:015974/0100
Effective date: 20050208
Feb 2, 2007ASAssignment
Owner name: CITIBANK, N.A. AS COLLATERAL AGENT, NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNORS:FREESCALE SEMICONDUCTOR, INC.;FREESCALE ACQUISITION CORPORATION;FREESCALE ACQUISITION HOLDINGS CORP.;AND OTHERS;REEL/FRAME:018855/0129
Effective date: 20061201
Owner name: CITIBANK, N.A. AS COLLATERAL AGENT,NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNORS:FREESCALE SEMICONDUCTOR, INC.;FREESCALE ACQUISITION CORPORATION;FREESCALE ACQUISITION HOLDINGS CORP.;AND OTHERS;REEL/FRAME:018855/0129
Effective date: 20061201
Mar 15, 2010ASAssignment
Owner name: CITIBANK, N.A.,NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024085/0001
Effective date: 20100219
Owner name: CITIBANK, N.A., NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024085/0001
Effective date: 20100219
May 13, 2010ASAssignment
Owner name: CITIBANK, N.A., AS COLLATERAL AGENT,NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024397/0001
Effective date: 20100413
Owner name: CITIBANK, N.A., AS COLLATERAL AGENT, NEW YORK
Free format text: SECURITY AGREEMENT;ASSIGNOR:FREESCALE SEMICONDUCTOR, INC.;REEL/FRAME:024397/0001
Effective date: 20100413
Dec 21, 2015ASAssignment
Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS
Free format text: PATENT RELEASE;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:037354/0225
Effective date: 20151207
Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS
Free format text: PATENT RELEASE;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:037356/0143
Effective date: 20151207
Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS
Free format text: PATENT RELEASE;ASSIGNOR:CITIBANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:037356/0553
Effective date: 20151207